Having some trouble understanding 1:1 NAT.
I understand what 1:1 nat is and why you would use it, but I'm having some trouble understanding how to make it work properly.
I have 7 available DHCP assigned IP addresses, 2 of which are statically assigned. 1 of those goes to my pfsense box for all my networks, and the other goes directly to my mail server. What I would like to do is move my mail server to my internal LAN, and and use 1:1 for access to it, so this would gives me access internally for other things.
So my real problem i guess is, if i go to the VIP page, I can fill in the info I have (which I don't know which is correct, proxy arp, carp, or other) and then do the 1:1 setup, but nothing goes through. I'm wondering will my DHCP assigned (based on MAC) address actually work like this? or will this only work with true static addresses?
GruensFroeschli last edited by
VIP's only work with static IPs, NOT with DHCP-assigned IPs.
Since you say your mailserver has currently a static IP and you want to move it into the LAN:
Just create a VIP for this static IP, move the server to the LAN and 1:1 forward the traffic from the VIP to the server.
Maybe you have to contact your ISP to ask if he only allows traffic of IP's that actually pulled an IP from their DHCP.
Or just ask him to give you "real" static IP's :)
My mail server is DHCP assigned but with a static mapping to my MAC. When I first signed up with my ISP I was givin 5 addresses and I added 2 static, the problem is on their network those are on different vlans and I only had the 2 static ones. I needed the other ones to so they switched vlans and did a static mapping.
I don't think I can get real static addresses and keep my 5 other ones
If they did a static mapping, then you should be able to manually configure your nic with those parameters, it doesn't matter if you get the ip address from the DHCP or if you configure it manually, as long as you make sure that you doesn't setup an IP address that might be used elsewhere, if they did a static dhcp assignation that means that only you can get that ip address, you should be good to go in manual configuration. Unless your ISP have some sort of weird setup that would prevent you to make this, but I doubt it.